What Is Claimed Is: 

1 1 . \v method for facilitating the delegation of operations involved in 

2 providing digitamignatures to a signature server, the method comprising: 

3 receiving aVequest for a digital signature from a user at the signature 

4 server, the request including an item to be signed on behalf of the user by the 

5 signature server; \ 

6 looking up a private key for the user at the signature server; 

7 signing the item with the private key for the user; and 

8 returning the signed Vem to the user so that the user can send the signed 

9 item to a recipient. \ 

1 2. The method of clam 1, wherein prior to signing the item, the 

2 method further comprises authenticVting the user. 

1 3. The method of claim 2,Vherein prior to signing the item, the 

2 method further comprises determining \vhether the user is authorized to sign the 

3 item. \ 

1 4. The method of claim 3, wherein determining whether the user is 

2 authorized to sign the item involves looking up\n authorization for the user based 

3 upon an identifier for the user as well as an ident^er for an application to which 

4 the user will send the signed item. \ 

1 5. The method of claim 3, wherein determining whether the user is 

2 authorized to sign the item involves communicating with Vi authority server that 

3 is separate from the signature server. \ 
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1 6. the method of claim 1 , further comprising allowing the user to 

2 authenticate the signature server prior to sending the request to the signature 

3 server. 

1 7. The ^lethod of claim 1 , further comprising facilitating encryption 

2 of communications bstv^een the user and the signature server. 

1 8. The method of claim 1 , w^herein the method further comprises 

2 configuring the signature server to accommodate a new user by: 

3 receiving a request npm an authorized entity to add the new user; 

4 generating a key pair i^r the new user, including a new user private key 

5 and a new user public key; 

6 communicating with a edification authority to obtain a certificate for the 

7 new user based on the key pair; ar 

8 storing the certificate and thV key pair for the new user in a location that is 

9 accessible by the signature server to equable the signature server to sign items on 
1 0 behalf of the new user. 

1 9. The method of claim 1 , wnerein the method further comprises 

2 configuring the signature server to delete an old user by: 

3 receiving a request from an authorized entity to delete the old user; 

4 notifying a certification authority to reyoke a certificate for the old user; 

5 and 

6 removing the private key for the old user\from the signature server, so that 

7 the signature server can no longer sign items on behalf of the old user. 
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1 1 0. the method of claim 1 , wherein the method further comprises 

2 archiving the request and the signed item at the signature server. 

1 11. Theynethod of claim 1 , wherein the method further comprises 

2 forwarding the signed item to an archive server in order to be archived. 

1 12. A commiter-readable storage medium storing instructions that 

2 when executed by a coniputer cause the computer to perform a method for 

3 facilitating the delegationW operations involved in providing digital signatures to 

4 a signature server, the methcid comprising: 

5 receiving a request for\a digital signature from a user at the signature 
^ 6 server, the request including an\tem to be signed on behalf of the user by the 

7 signature server; 

8 looking up a private key forVhe user at the signature server; 
J3 9 signing the item with the private key for the user; and 
I 10 returning the signed item to the\user so that the user can send the signed 
^"j 1 1 item to a recipient. 

U1 

f 5 1 13, The computer-readable storage medium of claim 1 2, wherein prior 

F% \ 

2 to signing the item, the method further comprises authenticating the user. 

1 14. The computer-readable storage medium of claim 13, wherein prior 

2 to signing the item, the method further comprises d^etermining whether the user is 

3 authorized to sign the item. 

1 15. The computer-readable storage mediumXof claim 14, wherein 

2 determining whether the user is authorized to sign the it^ involves looking up an 
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3 authorization for the user based upon an identifier for the user as well as an 

4 identifier for an application to which the user will send the signed item. 

1 16. The computer-readable storage medium of claim 14, wherein 

2 determining whether the user is authorized to sign the item involves 

3 communicating with an authority server that is separate from the signature server. 

1 17. The computer-readable storage medium of claim 12, wherein the 

2 method further comprises allowing the user to authenticate the signature server 

3 prior to sending the request to the signature server. 

1 18. The computer-readable storage medium of claim 12, wherein the 

2 method further comprises facilitating encryption of communications between the 

3 user and the signature server. 

1 19. The computer-readable storage medium of claim 12, wherein the 

2 method further comprises configuring the signature server to accommodate a new 

3 user by: \ 

4 receiving a request from an authorized entity to add the new user; 

5 generating a key pair for the neV user, including a new user private key 

6 and a new user public key; 

7 communicating with a certification\authority to obtain a certificate for the 

8 new user based on the key pair; and 

9 storing the certificate and the key pairYor the new user in a location that is 

10 accessible by the signature server to enable theygnature server to sign items on 

1 1 behalf of the new user. 
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20. The computer-readable storage medium of claim 12, wherein the 
method further comprises configuring the signature server to delete an old user by: 

receiving ^request from an authorized entity to delete the old user; 

notifying a certification authority to revoke a certificate for the old user; 
and \ 

removing the private key for the old user fi-om the signature server, so that 
the signature server can no longer sign items on behalf of the old user. 

21. The computer-readable storage medium of claim 12, v^^herein the 
method further comprises archiving the request and the signed item at the 
signature server. \ 

22. The computer-readable storage medium of claim 12, wherein the 
method fiirther comprises forwarding the signed item to an archive server in order 
to be archived. \ 



23. An apparatus that facilitates delegating operations involved in 
providing digital signatures, comprising: \ 
a signature server; \ 

a receiving mechanism within the signature server that is configured to 
receive a request for a digital signature firom a user, the request including an item 
to be signed on behalf of the user by the signature server; 

a lookup mechanism within the signature server that is configured to look 
up a private key for the user; \ 

a signing mechanism within the signature servW that is configured to sign 
the item with the private key for the user; and \ 
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1 1 a sending mechanism within the signature server that is configured to 

12 return the sigVd item to the user so that the user can send the signed item to a 

13 recipient. 

1 24. Th^pparatus of claim 23, further comprising an authentication 

2 mechanism that is c^figured to authenticate the user prior to signing the item. 

1 25. The apparatus of claim 24, further comprising an authorization 

2 mechanism that is configured to determine whether the user is authorized to sign 

3 the item prior to signing the item. 
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1 26. The apparatus of claim 25, wherein the authorization mechanism is 

2 configured to determine whether the user is authorized to sign the item by looking 

3 up an authorization for the user based upon an identifier for the user as well as an 

4 identifier for an application to which the user will send the signed item. 

1 27. The apparatus of claim 25, wherein the authorization mechanism is 

2 configured to determine whether the user is authorized to sign the item by 

3 communicating with an authority servekthat is separate from the signature server. 



1 28. The apparatus of claim 23, fiirther comprising an authentication 

2 mechanism that is configured to allow the u^^r to authenticate the signature server 

3 prior to sending the request to the signature seWer. 



1 29. The apparatus of claim 23, furtheAcomprising an encryption 

2 mechanism that is configured to facilitate encryptiijn of communications between 

3 the user and the signature server. 
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1 30. \ The apparatus of claim 23, further comprising an initiaHzation 

2 mechanism that is configured to: 

3 receive aVequest from an authorized entity to add a new user; 

4 generate a key pair for the new user, including a new user private key and 

5 a new user public k^y; 

6 communicate with a certification authority to obtain a certificate for the 

7 new user based on the ftey pair; and to 

8 store the certificare and the key pair for the new user in a location that is 

9 accessible by the signature\erver to enable the signature server to sign items on 
1 0 behalf of the new user. 



1:" 1 31. The apparatus of c^laim 23, further comprising a deletion 

2 mechanism that is configured to: 
Ij 3 receive a request from an aut'horized entity to delete an old user; 

4 notify a certification authority \) revoke a certificate for the old user; and 

t 5 to 

,1: 6 remove the private key for the old\iser from the signature server, so that 

7 the signature server can no longer sign itemsvon behalf of the old user. 



1 32. The apparatus of claim 23, furthe\ comprising an archiving 

2 mechanism that is configured to archive the reques^ and the signed item at the 

3 signature server. 

1 33. The apparatus of claim 23, further comprising an archiving 

2 mechanism that is configured to forward the signed item tos^an archive server in 

3 order to be archived. 
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